92004c61 CS |
1 | @@section GLOBAL |
2 | TWROOT=/usr/sbin; | |
3 | TWBIN=/usr/sbin; | |
4 | TWPOL="/var/ipfire/tripwire"; | |
5 | TWDB="/var/ipfire/tripwire"; | |
6 | TWSKEY="/var/ipfire/tripwire"; | |
7 | TWLKEY="/var/ipfire/tripwire"; | |
8 | TWREPORT="/var/ipfire/tripwire/report"; | |
71dfc4b7 | 9 | HOSTNAME=ipfire; |
92004c61 CS |
10 | |
11 | @@section FS | |
12 | SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change | |
92004c61 CS |
13 | SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often |
14 | SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership | |
15 | SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership | |
16 | SIG_LOW = 33 ; # Non-critical files that are of minimal security impact | |
17 | SIG_MED = 66 ; # Non-critical files that are of significant security impact | |
18 | SIG_HI = 100 ; # Critical files that are significant points of vulnerability | |
19 | ||
71dfc4b7 | 20 | # System Files |
92004c61 | 21 | |
92004c61 | 22 | ( |
71dfc4b7 | 23 | rulename = "System Files", |
92004c61 CS |
24 | severity = $(SIG_HI) |
25 | ) | |
26 | { | |
71dfc4b7 CS |
27 | $(TWDB) -> $(SEC_CRIT) ; |
28 | $(TWPOL)/tw.pol -> $(SEC_CRIT) -i ; | |
29 | $(TWPOL)/tw.cfg -> $(SEC_CRIT) -i ; | |
8871b9f2 | 30 | $(TWLKEY)/local.key -> $(SEC_CRIT) ; |
71dfc4b7 | 31 | $(TWSKEY)/site.key -> $(SEC_CRIT) ; |
92004c61 | 32 | |
8871b9f2 | 33 | /bin -> $(SEC_CRIT) ; |
71dfc4b7 CS |
34 | /boot -> $(SEC_CRIT) ; |
35 | /etc -> $(SEC_CRIT) ; | |
1b73b07e | 36 | /etc/snort/rules/ -> $(Dynamic) ; |
71dfc4b7 CS |
37 | /lib -> $(SEC_CRIT) ; |
38 | /root -> $(SEC_CRIT) ; | |
39 | /root/.bash_history -> $(Dynamic) ; | |
40 | /sbin -> $(SEC_CRIT) ; | |
41 | /usr -> $(SEC_CRIT) ; | |
1b73b07e | 42 | /usr/share/clamav -> $(Dynamic) ; |
71dfc4b7 | 43 | /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount |
92004c61 CS |
44 | |
45 | # Don't scan the individual reports; with recurse=0 only the report directory entry itself is checked | |
71dfc4b7 | 46 | $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ; |
92004c61 CS |
47 | } |
48 | ||
92004c61 CS |
49 | # Commonly accessed directories that should remain static with regard to owner and group |
50 | ( | |
51 | rulename = "Invariant Directories", | |
92004c61 CS |
52 | severity = $(SIG_MED) |
53 | ) | |
54 | { | |
71dfc4b7 CS |
55 | / -> $(SEC_INVARIANT) (recurse = 0) ; |
56 | /home -> $(SEC_INVARIANT) (recurse = 0) ; | |
57 | /tmp -> $(SEC_INVARIANT) ; | |
92004c61 CS |
58 | } |
59 | ||
71dfc4b7 | 60 | # Critical devices; the rule below sets recurse = false, so each listed path (including /var/log at the end of the block) is checked as a single object rather than recursed into |
92004c61 | 61 | |
92004c61 CS |
62 | ( |
63 | rulename = "Critical devices", | |
92004c61 CS |
64 | severity = $(SIG_HI), |
65 | recurse = false | |
66 | ) | |
67 | { | |
71dfc4b7 CS |
68 | /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout. |
69 | /dev/initctl -> $(SEC_CONFIG) ; /dev/log -> $(SEC_CONFIG) ; | |
70 | /proc/modules -> $(Device) ; | |
71 | /proc/mounts -> $(Device) ; | |
72 | /proc/filesystems -> $(Device) ; | |
73 | /proc/misc -> $(Device) ; | |
8871b9f2 CS |
74 | /var/log -> $(SEC_LOG) ; |
75 | } |